Method for using a control device in a safety-related environment

ABSTRACT

There is described a method for using a mobile control device, with which a machine can be operated within an assigned effective range. To this end an effective range list is configured, which is checked on the basis of transponder data from RFID transponders.

CROSS REFERENCE TO RELATED APPLICATIONS

This application claims priority of European Patent Office applicationNo. 07015227.7 EP filed Aug. 2, 2007, which is incorporated by referenceherein in its entirety.

FIELD OF INVENTION

The invention concerns a method for using a mobile device in asafety-related environment.

BACKGROUND OF INVENTION

It is not permitted to perform dangerous actions on machines or systemsin the safety-related environment from just any location. Until now ithas only been possible to operate these systems at stationary points orusing wired devices. However, these limiting factors are obviated bywireless technology. To fulfill safety engineering requirements, areasmust be technically defined and an unambiguous assignment made to theseareas. It is already known for suitable effective ranges to be defined,within which a machine is operated wirelessly using a control device,the effective ranges being delimited by one or more RFID transponders.Safety requirements are imposed on the use of such control devices inconnection with the function of the effective ranges.

SUMMARY OF INVENTION

An object of the invention is hence to propose a method of the typementioned above which satisfies the requisite safety aspect byintroducing safety measures when configuring, commissioning and handlingthe effective ranges.

The object is achieved with the features as claimed in an independentclaim. In detail this method may include the following method steps:method for using a mobile control device, with which at least onemachine in a system can be operated, the control being effected withinan effective range assigned to the machine which is delimited by one ormore RFID transponders, having the following steps:

-   a) an effective range list is configured, containing the effective    range assigned to each of the RFID transponders installed in the    system, as well as the maximum distance between the control device    and the relevant RFID transponders and-   b) the effective range list is checked, for which purpose the    relevant transponder identification number is received from the RFID    transponders using the control device in test mode in the effective    ranges of the RFID transponders and subsequently the relevant    effective range identification number is displayed.

Advantageous developments of the method can be taken from the subclaims.

BRIEF DESCRIPTION OF THE DRAWINGS

An embodiment of the invention is explained in more detail below on thebasis of a drawing. The drawing shows:

FIG. 1 a system with a mobile, wirelessly communicating control devicefor operating machines in a safety-related environment,

FIG. 2 an effective range list for the control device of a systemaccording to FIG. 1,

FIG. 3 a list of effective ranges and names assigned to them and

FIG. 4 a flow chart showing method steps for implementing safetymeasures.

DETAILED DESCRIPTION OF INVENTION

FIG. 1 illustrates a system 1 for controlling machines 2 or systems. Thesystem 1 has a controller 3 and a mobile control device 4 which hasmeans for wireless communication, here in particular a radio link, withthe controller 3.

Operation of the machines 2 is permitted only after logging on ineffective ranges WB set using special RFID transponders (TAG) 5.“Dangerous” actions, e.g. movement of machines, cannot be performeduntil after logging on in these effective ranges WB.

To fulfill safety engineering requirements, areas must be technicallydefined, and a unique assignment to these areas must take place.Accordingly, effective ranges WB set by one or more RFID transponders 5are defined for the system 1. In this case the spatial definition of theeffective ranges WB is determined by the antenna characteristics of theRFID transponders 5 and by the configurable maximum distance between themobile control device and the relevant RFID transponders 5.

The mobile control device 4 has non-safety-related hardware and softwarecomponents (effective range module, WLAN, HMI, etc.) supported by asafety module (F module) with safety measures in order to implementsafety-related effective ranges WB according to the invention. To thisend the aforementioned set effective ranges are initially configuredusing an engineering system ES. For each effective range WB anassociated transponder identification number TAG ID and a maximumpermitted distance from the mobile control device 4 is allocated inaccordance with the table in FIG. 3.

An erroneous entry in the configuration (WB, TAG ID) using theengineering system ES or an erroneous installation of RFID transponders5 can result in impermissible control of the effective ranges WB. Toprevent this, safety mechanisms are defined which use technical andorganizational measures to check the configured effective ranges WB andto enable the configuration and the implemented effective ranges WB tobe approved.

The first safety measure is to perform a plausibility check on theparameters entered, by checking that the effective ranges WB and thetransponders are unique. Another check is made to see whether theconfigured distance within an effective range WB is identical. It isalso ensured that the configuration matches the installation in thesystem. This check on the configuration and installation is performed bythe user with the control device 4 and is supported technically by asafety-related parameter CRC.

To hinder or prevent logging on in an “incorrect” effective range WB afurther safety measure entails assigning a separate name to everyeffective range WB characterized by an effective range identificationnumber WB-ID, as illustrated in FIG. 3. The idea behind this is that the“unsafe” application HMI works with the names for the effective rangesWB and only the names for the effective ranges WB are displayed to theuser. In contrast, the safety module (F module) of the mobile controldevice 4 works with the effective range identification numbers WB-ID. Inthe event of a logon in an effective range WB the user must also belocated in the corresponding effective range WB, something which ischecked in the safety module (F module), for which purpose the userenters the associated effective range identification number WB-IDpermanently installed in the system using the HMI of the mobile controldevice 4. This entry is checked in the safety module (F module) usingthe currently determined data. In known fashion HMI is the human-machineuser interface.

The check on the effective range list WB List configured using theengineering system ES is performed on the basis of method steps 11 to26, which are illustrated in FIG. 4 and are explained below.

Method The first configuration is incomplete. The effective range step11: list is not checked as yet. Method The effective range list does notyet have a CRC step 12: signature. The F module and the HMI go intoeffective range check mode. Method step 13 The effective range moduleruns and supplies the received TAG IDs with the corresponding distances.Method step 14 The information from the TAGs is made available to the Fmodule. Method step 15 The TAG ID and associated effective range areshown on the display. Method step 16 The user checks the effective rangelist on the display with the code on the machine. If both are identical,the user confirms this effective range. Method step 17 During theconfirmation the HMI sends the F module the effective range and TAGidentified in the HMI. Method step 18 The F module checks whether theeffective range received from the HMI matches the effective rangedetermined on the F module. If it does, this entry is marked as checkedin the effective range list. Method step 19 The F module returns theresult of the check to the HMI. Method step 20 If all entries in theeffective range list have been checked and confirmed, the configurerrequests the checksum for the effective range list. Method step 21 TheHMI requests the checksum for the effective range list from the Fmodule. Method step 22 The F module calculates the CRC sum only via theentries in the effective range list that the F module has characterizedas checked. If not all entries were checked, the stored CRC does notmatch the configured CRC. Method step 23 The CRC signature determined issent to the HMI in CRC-secured fashion and is stored on the flash of thecontrol device. This CRC must always be sent to the F module duringinitialization of the F module. Method step 24 The CRC sum determined bythe F module is shown on the display. Method step 25 The user must enterthe CRC signature shown on the display into the ES. Method step 26 Theconfigurer loads the “new configuration” onto the control device.

In known fashion HMI is the human-machine user interface.

There follows a brief explanation of the terms used in the above methodsteps. ES designates an engineering system for configuring andadministering projects. The main processor is a standard processorcontaining standard software and runtime HMI, which communicates withthe safety module (F module) via a serial interface. The F modulecontains safety-related hardware and software. The WB module designatesan effective range module that contains hardware and software fordetecting the RFID transponders. Display designates the display on thecontrol device 4 for displaying “unsafe” information.

1. A method for using a mobile control device, with which at least onemachine can be controlled in safety-related fashion in a system,comprising: effecting the control within an effective range which isassigned to the machine and which is delimited by one or more RFIDtransponders; configuring a effective range list, in which in each casethe effective range associated with the RFID transponders installed inthe system and the maximum distance between the control device and therelevant RFID transponders are stored; and checking the effective rangelist, for which purpose the relevant transponder identification numberis received from the RFID transponders using the control device in testmode in the effective ranges of the RFID transponders and subsequentlythe relevant effective range identification number is displayed.
 2. Themethod as claimed in claim 1, wherein when the displayed effective rangeidentification number is identical to a coding on the relevant machine acorresponding confirmation check remark is made in the effective rangelist.
 3. The method as claimed in claim 2, wherein after checking allentries in the effective range list containing the correspondingconfirmation check remarks, a checksum is formed.
 4. The method asclaimed in claim 1, wherein names are assigned to the effective rangesand the relevant name is displayed to a user when logging on in aneffective range, whereupon the user enters into the control device acoding which is relevant to the effective range and which is readable inthe area of the relevant machine.
 5. The method as claimed in claim 2,wherein names are assigned to the effective ranges and the relevant nameis displayed to a user when logging on in an effective range, whereuponthe user enters into the control device the coding which is relevant tothe effective range and which is readable in the area of the relevantmachine.
 6. The method as claimed in claim 3, wherein names are assignedto the effective ranges and the relevant name is displayed to a userwhen logging on in an effective range, whereupon the user enters intothe control device the coding which is relevant to the effective rangeand which is readable in the area of the relevant machine.